DETAILED ACTION

1. This written action is responding to the amendment dated on 01/18/2008.

2. Claims 1, 7, 13, 19, 23-29 have been amended. Claims 2, 6, 8-9, 12, and 15-16 
have been canceled. All other claims are as original. 

3. Claims 1, 3-5, 7, 10-11, 13-14, and 17-29 have been submitted for examination. 

4. Claims 1, 3-5, 7, 10-11, 13-14, and 17-29 are pending.



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 1, 5, 7, 10, 19, and 25-29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Engberg et al. (U.S. Patent 6,993,658) and further in view of 
Kizu et al. (U.S. Pub. 2004/0179511).
a. Referring to Claims 1, 25, and 27: 

As per Claim 1, Engberg et al. disclose a method of sharing security 
credentials between devices of a user comprising: 
ascertaining at least one personal authentication gateway device of the 
user from at least one pervasive device of the user [(lines 13-17, Col. 4 
and lines 27-32, Col. 6)], the at least one pervasive device comprising
at least one automatic token client application and the at least one 
personal authentication gateway device comprising at least one token 
server application [(lines 22-25 and 50-56, Col. 5; Fig. 1)]; 
sending at least one token request from the at least one pervasive 
device to the at least one personal authentication gateway device [(lines 
22-25 and 58-60, Col. 5; Fig. 1)]; and 

receiving a token response at the at least one pervasive device from the 
at least one personal authentication gateway device [(lines 28-31 and 
60-65, Col. 5; Fig. 1)]; 

wherein when the security credentials are provided to the at least one 
authentication gateway device [(lines 57-63, Col. 7)], the at least one 
pervasive device that has been authorized is enabled to retrieve the at 
least one authentication token [(lines 41-44, Col. 4 and Fig. 1)]. 
Engberg et al. do not expressly disclose the limitation regarding only if 
the at least one pervasive device has been authorized via configuring 
the at least one personal authentication gateway device to recognize the 
at least one pervasive device as a registered member of a pervasive 
authentication domain. However, Kizu et al. disclose the master device 
(authentication gateway device) is to authenticate the slave device 
(pervasive device) to verify if the slave is a registered member of the 
synchronization group [(lines 1-7 of [0071]; lines 1-4 of [0079]; lines 1-7
of [0080]; Figs. 1 and 5)].

Engberg et al. and Kizu et al. are from similar technology relating to 
network communications, security, and authentication. It would have 
been obvious to one of ordinary skill in the art at the time of invention 
was made to combine Engberg et al. and Kizu et al. since one would be 
motivated to synchronously processing data between a plurality of 
devices and an electronic device (lines 1-3 of [0002] from Kizu et al.). 

As per Claim 25, it is a program storage device claim that corresponds to 
the method claim 1. Therefore, it is rejected with the same rationale 
applied against Claim 1 above. 

As per Claim 27, it is a computer usable medium claim that corresponds 
to the method claim 1. Therefore, it is rejected with the same rationale
applied against Claim 1 above.
b. Referring to Claim 5: 

As per Claim 5, Engberg et al. and Kizu et al. disclose the method 
according to claim 1, wherein said receiving step comprises storing 
received credentials for use by other applications [(lines 17-25, Col. 4 
and lines 38-43, Col. 7; Fig. 2 from Engberg et al.)]. 
c. Referring to Claims 7, 26, and 28:

As per Claim 7, Engberg et al. disclose a method of sharing security 
credentials between devices of a user comprising: receiving at least one 
token request from at least one pervasive device of the user on at least 
one personal authentication gateway of the user [(lines 22-25 and 58-60,
Col. 5; Fig. 1)], the at least one pervasive device comprising at least
one automatic token client application and the at least one personal 
authentication gateway device comprising at least one token server 
application [(lines 22-25 and 50-56, Col. 5; Fig. 1)]; 

determining whether the at least one pervasive device is authorized to 
receive authentication tokens [(lines 36-42, Col. 6)]; 

sending at least one token response to the at least one pervasive device
from the at least one personal authentication gateway device [(lines 22-25
and 58-60, Col. 5; Fig. 1)];

wherein when the security credentials are provided to the at least one 
authentication gateway device [(lines 57-63, Col. 7)], the at least one 
pervasive device that has been authorized is enabled to retrieve the at 
least one authentication token [(lines 41-44, Col. 4 and Fig. 1)]. 

Engberg et al. do not expressly disclose wherein said determining step 
comprises: if the at least one pervasive device has been authorized via 
configuring the at least one personal authentication gateway device to 
recognize the at least one pervasive device as a registered member of a
pervasive authentication domain. However, Kizu et al. disclose the 
master device (authentication gateway device) is to authenticate the 
slave device (pervasive device) to verify if the slave is a registered 
member of the synchronization group [(lines 1-7 of [0071]; lines 1-4 of 
[0079]; lines 1-7 of [0080]; Figs. 1 and 5)]. Engberg et al. and Kizu et 
al. are from similar technology relating to network communications, 
security, and authentication. It would have been obvious to one of 
ordinary skill in the art at the time of invention was made to combine 
Engberg et al. and Kizu et al. since one would be motivated to 
synchronously processing data between a plurality of devices and an 
electronic device (lines 1-3 of [0002] from Kizu et al.). 

As per Claim 26, it is a program storage device claim that corresponds to 
the method claim 7. Therefore, it is rejected with the same rationale 
applied against Claim 7 above. 

As per Claim 28, it is a computer usable medium claim that corresponds 
to the method claim 7. Therefore, it is rejected with the same rationale 
applied against Claim 7 above. 
d. Referring to Claim 10:

As per Claim 10, Engberg et al. and Kizu et al. disclose the method 
according to claim 7, wherein said receiving step comprises: 

determining the pervasive device identification of the at least one token 
request [(lines 36-42, Col. 6 from Engberg et al.)]; 

retrieving at least one authentication token for the pervasive device 
[(lines 28-31 and 60-65, Col. 5; Fig. 1 from Engberg et al.)]. In 
addition, Kizu et al. disclose deriving at least one pervasive 
authentication domain for the at least one pervasive device [(lines 1-20 
of [0008] from Kizu et al.)]. 

e. Referring to Claims 19 and 29: 

As per Claim 19, Engberg et al. disclose an apparatus for enabling at 
least one pervasive device to retrieve at least one authentication token 
from at least one personal authentication gateway, said apparatus 
comprising: 

a discoverer which finds at least one personal authentication gateway 
capable of responding to token requests [(lines 13-17, Col. 4 and lines 
27-32, Col. 6)]; 

a token requestor which sends at least one request for at least one token 
required by the at least one pervasive device [(lines 22-25 and 58-60, 
Col. 5; Fig. 1)]; and 

a token responder which accepts at least one token request and sends
at least one token response with at least one authentication token to the
at least one pervasive device [(lines 22-25, 28-31, and 60-65, Col. 5;
Fig. 1)].

wherein when the security credentials are provided to the at least one 
authentication gateway device [(lines 57-63, Col. 7)], the at least one 
pervasive device that has been authorized is enabled to retrieve the at 
least one authentication token [(lines 41-44, Col. 4 and Fig. 1)]. 

Engberg et al. do not expressly disclose only if the at least one pervasive 
device has been authorized via configuring the at least one personal 
authentication gateway device to recognize the at least one pervasive 
device as a registered member of a pervasive authentication domain. 
However, Kizu et al. disclose the master device (authentication gateway device)
is to authenticate the slave device (pervasive device) to verify if the slave 
is a registered member of the synchronization group [(lines 1-7 of 
[0071]; lines 1-4 of [0079]; lines 1-7 of [0080]; Figs. 1 and 5)]. 
Engberg et al. and Kizu et al. are from similar technology relating to 
network communications, security, and authentication. It would have 
been obvious to one of ordinary skill in the art at the time of invention 
was made to combine Engberg et al. and Kizu et al. since one would be 
motivated to synchronously processing data between a plurality of 
devices and an electronic device (lines 1-3 of [0002] from Kizu et al.). 

As per Claim 29, it is a computer usable medium claim that corresponds
to the method claim 19. Therefore, it is rejected with the same rationale 
applied against Claim 19 above. 

6. Claim 24 is rejected under 35 U.S.C. 103(a) as being unpatentable over Engberg
et al. (U.S. Patent 6,993,658) in view of Kizu et al. (U.S. Pub. 2004/0179511) and
Traversat et al. (U.S. Pub. 2002/0152299).
a. Referring to Claim 24: 

As per Claim 24, Engberg et al. disclose for sharing security credentials 
between devices of a user, said apparatus comprising: 

means for receiving a token request from at least one pervasive device 
[(lines 22-25 and 58-60, Col. 5; Fig. 1)]; 

means for sending at least one token response to said at least one 
pervasive device from at least one personal authentication gateway 
[(lines 28-31 and 60-65, Col. 5; Fig. 1)]; 

wherein when the security credentials are provided to the at least one 
authentication gateway device [(lines 57-63, Col. 7)], the at least one 
pervasive device that has been authorized is enabled to retrieve the at 
least one authentication token [(lines 41-44, Col. 4 and Fig. 1)]. 

Engberg et al. do not expressly disclose means for registering at least
one pervasive device of the user for membership in a pervasive 
authentication domain and other limitations of the claim. 

However, Kizu et al. disclose registering the device for membership in a 
pervasive authentication domain and the master device (authentication 
gateway device) is to authenticate the slave device (pervasive device) to 
verify if the slave has been a registered member of the synchronization 
group [(lines 1-7 of [0071]; lines 1-4 of [0079]; lines 1-7 of [0080]; 
Figs. 1 and 5)]. In addition, Traversat et al. disclose wherein the at least 
one pervasive device broadcasts a pervasive authentication domain 
discovery request message to at least one personal authentication 
gateway device of the user [(lines 1-3 of [0277]; lines 1-10 of [0323]; 
lines 9-18 of [0331] from Traversat et al.)]. 

Engberg et al., Kizu et al. and Traversat et al. are from similar 
technology relating to network communications, security, and 
authentication. It would have been obvious to one of ordinary skill in the 
art at the time of invention was made to combine Engberg et al. with 
Kizu et al. and Traversat et al. since one would be motivated (1) to 
synchronously processing data between a plurality of devices and an 
electronic device (lines 1-3 of [0002] from Kizu et al.) and (2) to establish 
a reliable connections between peers (lines 2-3 of [0007] from Traversat 
et al.). 

7. Claims 3 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Engberg et al. (U.S. Patent 6,993,658) and Kizu et al. (U.S. Pub.
2004/0179511) and further in view of Traversat et al. (U.S. Pub. 2002/0152299).

a. Referring to Claim 3: 

As per Claim 3, Engberg et al. and Kizu et al. disclose the method 
according to claim 1. Engberg et al. and Kizu et al. do not expressly 
disclose the remaining limitation of the claim. However, Traversat et al. 
disclose wherein said ascertaining step comprises looking up a personal 
authentication gateway address in configuration settings [(lines 6-8 of 
[0163]; lines 5-6 of [0322]; lines 1-9 of [0343]; lines 9-10 of [0344] 
from Traversat et al.)]. Engberg et al., Kizu et al. and Traversat et al.
are from similar technology relating to network communications, security, 
and authentication. It would have been obvious to one of ordinary skill in 
the art at the time of invention was made to combine Engberg et al. and 
Kizu et al. with Traversat et al. since one would be motivated to establish 
a reliable connections between peers (lines 2-3 of [0007] from Traversat 
et al.).

b. Referring to Claim 17:

As per Claim 17, Engberg et al. and Kizu et al. disclose the method 
according to claim 10. Engberg et al. and Kizu et al. do not expressly 
disclose the remaining limitation of the claim. However, Traversat et al. 
disclose wherein said determining step comprises ascertaining whether
the at least one pervasive device has recently made a previous request
[(lines 1-6 of [0303] and lines 4-6 of [0417] from Traversat et al.)].

Engberg et al., Kizu et al. and Traversat et al. are from similar 
technology relating to network communications, security, and 
authentication. It would have been obvious to one of ordinary skill in the 
art at the time of invention was made to combine Engberg et al. and Kizu 
et al. with Traversat et al. since one would be motivated to establish a 
reliable connections between peers (lines 2-3 of [0007] from Traversat et 
al.). 

c. Referring to Claim 18: 

As per Claim 18, Engberg et al. and Kizu et al. disclose the method 
according to claim 10. Engberg and Kizu et al. do not expressly disclose 
the remaining limitation of the claim. However, Traversat et al. disclose 
wherein said determining step comprises ascertaining whether the at 
least one pervasive device has not sent a message indicating that the at 
least one pervasive device is no longer to be trusted [(lines 8-9 of 
[0112] and lines 1-11 of [0392] from Traversat et al.)]. Engberg et al.,
Kizu et al. and Traversat et al. are from similar technology relating to 
network communications, security, and authentication. It would have 
been obvious to one of ordinary skill in the art at the time of invention 
was made to combine Engberg et al. and Kizu et al. with Traversat et al. 
since one would be motivated to establish a reliable connections
between peers (lines 2-3 of [0007] from Traversat et al.). 



8. Claims 4, 11, and 20-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Engberg et al. (U.S. Patent 6,993,658) and Kizu et al. (U.S. 
Pub. 2004/0179511) and further in view of Lincke et al. (U.S. Patent 6,253,326).
a. Referring to Claim 4: 

As per Claim 4, Engberg et al. and Kizu et al. disclose the method 
according to claim 1, wherein the at least one token request comprises a
pervasive device identification, a message type [(lines 32-50, Col. 5 
from Engberg et al.)]. Engberg et al. and Kizu et al. do not expressly 
disclose the remaining limitation of the claim. However, Lincke et al. 
disclose a protection arrangement for fields of the at least one token 
request, the protection arrangement being adapted to ensure integrity 
and confidentiality as request message being encrypted for security 
[(lines 57-62, Col. 89 from Lincke et al.)]. 

Engberg et al., Kizu et al., and Lincke et al. are from similar technology 
relating to security for the digital content and data. It would have been 
obvious to one of ordinary skill in the art at the time of invention was 
made to combine Engberg et al. and Kizu et al. with Lincke et al. to have 
encrypted request for protection since one would be motivated to 
securely transmitting a message from a wireless client (lines 38-39, Col.
3 from Lincke et al.).

b. Referring to Claim 11:

As per Claim 11, Engberg et al. and Kizu et al. disclose the method 
according to claim 7, wherein the at least one token response sent 
comprises of a pervasive device identification, the message type, 
authentication tokens [(lines 29-32 and 35-40, Col. 6 from Engberg et 
al.)]. Engberg et al. and Kizu et al. do not expressly disclose the 
remaining limitation of the claim. However, Lincke et al. disclose a 
protection arrangement for fields of the at least one token response, the 
protection arrangement being adapted to ensure integrity and 
confidentiality as response message being encrypted for security [(lines 
44-50, Col. 89 from Lincke et al.)]. Engberg et al., Kizu et al., and 
Lincke et al. are from similar technology relating to security for the digital 
content and data. It would have been obvious to one of ordinary skill in 
the art at the time of invention was made to combine Engberg et al. and 
Kizu et al. with Lincke et al. since one would be motivated to securely 
transmitting a message from a wireless client (lines 38-39, Col. 3 from 
Lincke et al.). 

c. Referring to Claim 20: 

As per Claim 20, Engberg et al., Kizu et al., and Lincke et al. disclose the 
apparatus according to claim 19, wherein the at least one token request 
comprises a pervasive device identification, the message type, at least
one authentication token [(lines 29-32 and 35-40, Col. 6 from Engberg
et al.)]. Engberg et al., Traversat et al., and Bryson do not expressly
disclose the remaining limitation of the claim. However, Lincke et al. 
disclose a protection arrangement for fields of the at least one token 
request, the protection arrangement being adapted to ensure integrity 
and confidentiality as request message being encrypted for security 
[(lines 57-62, Col. 89 from Lincke et al.)]. Engberg et al., Kizu et al., 
and Lincke et al. are from similar technology relating to security for the 
digital content and data. It would have been obvious to one of ordinary 
skill in the art at the time of invention was made to combine Engberg et 
al. and Kizu et al. with Lincke et al. since one would be motivated to 
securely transmitting a message from a wireless client (lines 38-39, Col. 
3 from Lincke et al.). 

d. Referring to Claim 21: 

As per Claim 21, Engberg et al., Kizu et al., and Lincke et al. disclose the
apparatus according to claim 20, wherein said protection arrangement 
comprises Triple-DES encryption using a long key [(lines 65-67, Col. 3 
and lines 45-50, Col. 91 from Lincke et al.)]. 

e. Referring to Claim 22: 

As per Claim 22, Engberg et al., Kizu et al., and Lincke et al. disclose the 
apparatus according to claim 21, wherein said long key is a secure hash 
comprised of a master secret known only to the personal authentication
gateway, a pervasive device identification, and a pervasive 
authentication domain identification [(lines 9-13, Col. 4; lines 17-22 and 
35-38, Col. 6 from Engberg et al.) and (lines 19-21, Col. 85 from 
Lincke et al.)]. 

f. Referring to Claim 23: 

As per Claim 23, Engberg et al., Kizu et al., and Lincke et al. disclose the 
apparatus according to claim 21, wherein said long key is distributed to 
the at least one pervasive device during authorization [(lines 47-49, Col. 
85 and lines 45-50, Col. 91 from Lincke et al.) and (lines 1-7 of 
[0071] from Kizu et al.)]. 

9. Claims 13-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Engberg et al. (U.S. Patent 6,993,658) and Kizu et al. (U.S. Pub. 2004/0179511), 
and further in view of Lewis et al. (U.S. Patent 6,233,565). 
a. Referring to Claim 13: 

As per Claim 13, Engberg et al. and Kizu et al. disclose the method 
according to claim 7, wherein said ascertaining if the at least one 
pervasive device has been authorized step comprises: entering the 
same random password on the pervasive device and the personal 
authentication gateway [(lines 52-59, Col. 4; lines 15-19, Col. 5; lines 
1-18, Col. 7 from Engberg et al.)]. 
Engberg et al. and Kizu et al. do not expressly disclose the remaining
limitations of the claim. However, Lewis et al. disclose generating on the 
personal authentication gateway an encryption key, Slave_ID_Secret, 
which is encrypted by the random password [(lines 7-11, Col. 40 from 
Lewis et al.)]; 

transferring the protected key to the pervasive device and computing a 
fingerprint of the key on the personal authentication gateway [(lines 1-4, 
Col. 29 from Lewis et al.)]; and comparing the fingerprint of the 
received and decrypted protected key on the pervasive device [(lines 6-9,
Col. 29 and lines 9-11, Col. 40 from Lewis)].

Engberg et al., Kizu et al., and Lewis et al. are from similar technology 
relating to security for the digital content and data. It would have been 
obvious to one of ordinary skill in the art at the time of invention was 
made to combine Engberg et al., Kizu et al., and Lewis et al. with Lewis 
et al. to have hash of key for verification since one would be motivated to 
use said public and private keys of said client and server to perform the 
authentication (lines 15-16, Col. 6 from Lewis et al.). 

b. Referring to Claim 14: 

As per Claim 14, Engberg et al., Kizu et al., and Lewis et al. disclose the 
method according to claim 13, wherein the encryption key, 
Slave_ID_Secret, is used as a protection arrangement for token 
requests and token responses [(lines 12-14, Col. 6 from Lewis et al.)
and (lines 22-25 and 57-62, Col. 5 and from Engberg et al.)]. 



Response to Arguments 

10. Applicant's amendment, filed on Jan. 18, 2008, has Claims 1, 7, 13, 19, 23-29 
amended and Claims 2, 6, 8-9, 12, and 15-16 canceled. Among these amended 
claims, Claims 1, 7, 19, and 24-29 are independent ones. This necessitates the 
new grounds of rejection. 

11. Applicant's arguments are moot in view of the new ground of rejections. Please
refer to the rejections above.



Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Blakley, III et al. (U.S. Pub. 2004/0128546) disclose A system is presented 
for facilitating management of user attribute information 
at one or more attribute information providers (AIPs), which can manage
the user's attribute information in accordance with user-selected or 
administratively-determined options, including options that are stored in 
attribute release policies and/or dynamically determined during a 
transaction. E-commerce service providers (ECSPs), such as online 
banks or merchants, may maintain a trust relationship with an AIP such 
that the ECSP can trust the user attribute information that is provided by
the AIP on behalf of the user. The user can complete transactions that 
require user attribute information at any ECSP without having to have 
previously established a relationship with that particular ECSP. If the 
ECSP does not have a trust relationship with one of the user's AIPs, then
the ECSP can rely upon a trust proxy to interpret and validate an attribute 
assertion that is received from an AIP. 

13. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Yin-Chen Shaw whose telephone number is
571-272-8593. The examiner can normally be reached on 8:15 to 4:15 M-F.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine L. Kincaid can be reached on 571-272-4063. The fax phone 
number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

YCS 

May. 07, 2008 
/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



